From owner-svn-src-head@freebsd.org Thu May 4 19:07:39 2017 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9DC72D5B70C; Thu, 4 May 2017 19:07:39 +0000 (UTC) (envelope-from lidl@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 70688E47; Thu, 4 May 2017 19:07:39 +0000 (UTC) (envelope-from lidl@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v44J7c1S015685; Thu, 4 May 2017 19:07:38 GMT (envelope-from lidl@FreeBSD.org) Received: (from lidl@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v44J7bxj015673; Thu, 4 May 2017 19:07:37 GMT (envelope-from lidl@FreeBSD.org) Message-Id: <201705041907.v44J7bxj015673@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: lidl set sender to lidl@FreeBSD.org using -f From: Kurt Lidl Date: Thu, 4 May 2017 19:07:37 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r317802 - in head/contrib/blacklist: . bin etc/rc.d lib libexec port X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 04 May 2017 19:07:39 -0000 Author: lidl Date: Thu May 4 19:07:37 2017 New Revision: 317802 URL: https://svnweb.freebsd.org/changeset/base/317802 Log: Merge latest version of blacklist sources from NetBSD (@ 20170503) MFC after: 3 days Sponsored by: The FreeBSD Foundation Replaced: head/contrib/blacklist/port/config.h (contents, props changed) Modified: head/contrib/blacklist/README head/contrib/blacklist/bin/blacklistctl.8 head/contrib/blacklist/bin/blacklistctl.c head/contrib/blacklist/bin/blacklistd.c head/contrib/blacklist/bin/blacklistd.conf.5 head/contrib/blacklist/etc/rc.d/blacklistd head/contrib/blacklist/lib/bl.c head/contrib/blacklist/lib/libblacklist.3 head/contrib/blacklist/libexec/blacklistd-helper head/contrib/blacklist/port/Makefile.am head/contrib/blacklist/port/sockaddr_snprintf.c Directory Properties: head/contrib/blacklist/ (props changed) Modified: head/contrib/blacklist/README ============================================================================== --- head/contrib/blacklist/README Thu May 4 19:01:17 2017 (r317801) +++ head/contrib/blacklist/README Thu May 4 19:07:37 2017 (r317802) @@ -1,4 +1,4 @@ -# $NetBSD: README,v 1.7 2015/01/26 00:34:50 christos Exp $ +# $NetBSD: README,v 1.8 2017/04/13 17:59:34 christos Exp $ This package contains library that can be used by network daemons to communicate with a packet filter via a daemon to enforce opening and @@ -98,6 +98,16 @@ group "internal" on $int_if { ... } +You can use 'blacklistctl dump -a' to list all the current entries +in the database; the ones that have nfail / where urrent +>= otal, should have an id assosiated with them; this means that +there is a packet filter rule added for that entry. For npf, you +can examine the packet filter dynamic rule entries using 'npfctl +rule list'. The number of current entries can exceed +the total. This happens because entering packet filter rules is +asynchronous; there could be other connection before the rule +becomes activated. + Enjoy, christos Modified: head/contrib/blacklist/bin/blacklistctl.8 ============================================================================== --- head/contrib/blacklist/bin/blacklistctl.8 Thu May 4 19:01:17 2017 (r317801) +++ head/contrib/blacklist/bin/blacklistctl.8 Thu May 4 19:07:37 2017 (r317802) @@ -1,4 +1,4 @@ -.\" $NetBSD: blacklistctl.8,v 1.7 2015/04/30 06:20:43 riz Exp $ +.\" $NetBSD: blacklistctl.8,v 1.9 2016/06/08 12:48:37 wiz Exp $ .\" .\" Copyright (c) 2015 The NetBSD Foundation, Inc. .\" All rights reserved. @@ -77,7 +77,8 @@ it to make sure that there is only one r .Nm first appeared in .Nx 7 . -.Fx support for +.Fx +support for .Nm was implemented in .Fx 11 . Modified: head/contrib/blacklist/bin/blacklistctl.c ============================================================================== --- head/contrib/blacklist/bin/blacklistctl.c Thu May 4 19:01:17 2017 (r317801) +++ head/contrib/blacklist/bin/blacklistctl.c Thu May 4 19:07:37 2017 (r317802) @@ -1,4 +1,4 @@ -/* $NetBSD: blacklistctl.c,v 1.20 2016/04/04 15:52:56 christos Exp $ */ +/* $NetBSD: blacklistctl.c,v 1.21 2016/11/02 03:15:07 jnemeth Exp $ */ /*- * Copyright (c) 2015 The NetBSD Foundation, Inc. @@ -33,7 +33,7 @@ #endif #include -__RCSID("$NetBSD: blacklistctl.c,v 1.20 2016/04/04 15:52:56 christos Exp $"); +__RCSID("$NetBSD: blacklistctl.c,v 1.21 2016/11/02 03:15:07 jnemeth Exp $"); #include #include Modified: head/contrib/blacklist/bin/blacklistd.c ============================================================================== --- head/contrib/blacklist/bin/blacklistd.c Thu May 4 19:01:17 2017 (r317801) +++ head/contrib/blacklist/bin/blacklistd.c Thu May 4 19:07:37 2017 (r317802) @@ -1,4 +1,4 @@ -/* $NetBSD: blacklistd.c,v 1.35 2016/09/26 19:43:43 christos Exp $ */ +/* $NetBSD: blacklistd.c,v 1.37 2017/02/18 00:26:16 christos Exp $ */ /*- * Copyright (c) 2015 The NetBSD Foundation, Inc. @@ -32,7 +32,7 @@ #include "config.h" #endif #include -__RCSID("$NetBSD: blacklistd.c,v 1.35 2016/09/26 19:43:43 christos Exp $"); +__RCSID("$NetBSD: blacklistd.c,v 1.37 2017/02/18 00:26:16 christos Exp $"); #include #include @@ -403,12 +403,14 @@ int main(int argc, char *argv[]) { int c, tout, flags, flush, restore, ret; - const char *spath, *blsock; + const char *spath, **blsock; + size_t nblsock, maxblsock; setprogname(argv[0]); spath = NULL; - blsock = _PATH_BLSOCK; + blsock = NULL; + maxblsock = nblsock = 0; flush = 0; restore = 0; tout = 0; @@ -440,7 +442,17 @@ main(int argc, char *argv[]) restore++; break; case 's': - blsock = optarg; + if (nblsock >= maxblsock) { + maxblsock += 10; + void *p = realloc(blsock, + sizeof(*blsock) * maxblsock); + if (p == NULL) + err(EXIT_FAILURE, + "Can't allocate memory for %zu sockets", + maxblsock); + blsock = p; + } + blsock[nblsock++] = optarg; break; case 't': tout = atoi(optarg) * 1000; @@ -487,9 +499,11 @@ main(int argc, char *argv[]) size_t nfd = 0; size_t maxfd = 0; - if (spath == NULL) - addfd(&pfd, &bl, &nfd, &maxfd, blsock); - else { + for (size_t i = 0; i < nblsock; i++) + addfd(&pfd, &bl, &nfd, &maxfd, blsock[i]); + free(blsock); + + if (spath) { FILE *fp = fopen(spath, "r"); char *line; if (fp == NULL) @@ -499,6 +513,8 @@ main(int argc, char *argv[]) addfd(&pfd, &bl, &nfd, &maxfd, line); fclose(fp); } + if (nfd == 0) + addfd(&pfd, &bl, &nfd, &maxfd, _PATH_BLSOCK); state = state_open(dbfile, flags, 0600); if (state == NULL) Modified: head/contrib/blacklist/bin/blacklistd.conf.5 ============================================================================== --- head/contrib/blacklist/bin/blacklistd.conf.5 Thu May 4 19:01:17 2017 (r317801) +++ head/contrib/blacklist/bin/blacklistd.conf.5 Thu May 4 19:07:37 2017 (r317802) @@ -1,4 +1,4 @@ -.\" $NetBSD: blacklistd.conf.5,v 1.3 2015/04/30 06:20:43 riz Exp $ +.\" $NetBSD: blacklistd.conf.5,v 1.5 2016/06/08 12:48:37 wiz Exp $ .\" .\" Copyright (c) 2015 The NetBSD Foundation, Inc. .\" All rights reserved. @@ -218,7 +218,8 @@ bnx0:ssh * * * * 3 6h .Nm first appeared in .Nx 7 . -.Fx support for +.Fx +support for .Nm was implemented in .Fx 11 . Modified: head/contrib/blacklist/etc/rc.d/blacklistd ============================================================================== --- head/contrib/blacklist/etc/rc.d/blacklistd Thu May 4 19:01:17 2017 (r317801) +++ head/contrib/blacklist/etc/rc.d/blacklistd Thu May 4 19:07:37 2017 (r317802) @@ -1,6 +1,6 @@ #!/bin/sh # -# $NetBSD: blacklistd,v 1.1 2015/01/22 17:49:41 christos Exp $ +# $NetBSD: blacklistd,v 1.2 2016/10/17 22:47:16 christos Exp $ # # PROVIDE: blacklistd @@ -18,7 +18,7 @@ start_precmd="${name}_precmd" extra_commands="reload" _sockfile="/var/run/${name}.sockets" -_sockname="blsock" +_sockname="blacklistd.sock" blacklistd_precmd() { Modified: head/contrib/blacklist/lib/bl.c ============================================================================== --- head/contrib/blacklist/lib/bl.c Thu May 4 19:01:17 2017 (r317801) +++ head/contrib/blacklist/lib/bl.c Thu May 4 19:07:37 2017 (r317802) @@ -1,4 +1,4 @@ -/* $NetBSD: bl.c,v 1.27 2015/12/30 16:42:48 christos Exp $ */ +/* $NetBSD: bl.c,v 1.28 2016/07/29 17:13:09 christos Exp $ */ /*- * Copyright (c) 2014 The NetBSD Foundation, Inc. @@ -33,7 +33,7 @@ #endif #include -__RCSID("$NetBSD: bl.c,v 1.27 2015/12/30 16:42:48 christos Exp $"); +__RCSID("$NetBSD: bl.c,v 1.28 2016/07/29 17:13:09 christos Exp $"); #include #include Modified: head/contrib/blacklist/lib/libblacklist.3 ============================================================================== --- head/contrib/blacklist/lib/libblacklist.3 Thu May 4 19:01:17 2017 (r317801) +++ head/contrib/blacklist/lib/libblacklist.3 Thu May 4 19:07:37 2017 (r317802) @@ -1,4 +1,4 @@ -.\" $NetBSD: libblacklist.3,v 1.3 2015/01/25 23:09:28 wiz Exp $ +.\" $NetBSD: libblacklist.3,v 1.7 2017/02/04 23:33:56 wiz Exp $ .\" .\" Copyright (c) 2015 The NetBSD Foundation, Inc. .\" All rights reserved. @@ -36,7 +36,7 @@ .Nm blacklist_r , .Nm blacklist , .Nm blacklist_sa -.Nm blacklist_sa_r , +.Nm blacklist_sa_r .Nd Blacklistd notification library .Sh LIBRARY .Lb libblacklist @@ -62,7 +62,7 @@ block or release port access to prevent .Pp The function .Fn blacklist_open -creates a the necessary state to communicate with +creates the necessary state to communicate with .Xr blacklistd 8 and returns a pointer to it, or .Dv NULL @@ -106,18 +106,25 @@ All functions log errors to .Xr syslogd 8 . .Sh RETURN VALUES The function -.Fn bl_open +.Fn blacklist_open returns a cookie on success and .Dv NULL -on failure setting errno to an appropriate value. -.Pp -The -.Fn bl_send -function returns +on failure setting +.Dv errno +to an appropriate value. +.Pp +The functions +.Fn blacklist , +.Fn blacklist_sa , +and +.Fn blacklist_sa_r +return .Dv 0 on success and -.Dv -1 -on failure setting errno to an appropriate value. +.Dv \-1 +on failure setting +.Dv errno +to an appropriate value. .Sh SEE ALSO .Xr blacklistd.conf 5 , .Xr blacklistd 8 Modified: head/contrib/blacklist/libexec/blacklistd-helper ============================================================================== --- head/contrib/blacklist/libexec/blacklistd-helper Thu May 4 19:01:17 2017 (r317801) +++ head/contrib/blacklist/libexec/blacklistd-helper Thu May 4 19:07:37 2017 (r317802) @@ -19,8 +19,8 @@ fi if [ -z "$pf" ]; then for f in npf pf ipf; do if [ -f "/etc/$f.conf" ]; then - pf="$f" - break + pf="$f" + break fi done fi Modified: head/contrib/blacklist/port/Makefile.am ============================================================================== --- head/contrib/blacklist/port/Makefile.am Thu May 4 19:01:17 2017 (r317801) +++ head/contrib/blacklist/port/Makefile.am Thu May 4 19:07:37 2017 (r317802) @@ -1,11 +1,11 @@ # ACLOCAL_AMFLAGS = -I m4 lib_LTLIBRARIES = libblacklist.la -include_HEADERS = blacklist.h +include_HEADERS = ../include/blacklist.h bin_PROGRAMS = blacklistd blacklistctl srvtest cltest -VPATH = ../bin:../lib:../test +VPATH = ../bin:../lib:../test:../include AM_CPPFLAGS = -I../include -DDOT="." AM_CFLAGS = @WARNINGS@ Added: head/contrib/blacklist/port/config.h ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/contrib/blacklist/port/config.h Thu May 4 19:07:37 2017 (r317802) @@ -0,0 +1,3 @@ +#if defined(__FreeBSD__) +#include "port.h" +#endif Modified: head/contrib/blacklist/port/sockaddr_snprintf.c ============================================================================== --- head/contrib/blacklist/port/sockaddr_snprintf.c Thu May 4 19:01:17 2017 (r317801) +++ head/contrib/blacklist/port/sockaddr_snprintf.c Thu May 4 19:07:37 2017 (r317802) @@ -1,4 +1,4 @@ -/* $NetBSD: sockaddr_snprintf.c,v 1.10 2016/04/05 12:28:57 christos Exp $ */ +/* $NetBSD: sockaddr_snprintf.c,v 1.11 2016/06/01 22:57:51 christos Exp $ */ /*- * Copyright (c) 2004 The NetBSD Foundation, Inc. @@ -34,7 +34,7 @@ #include #if defined(LIBC_SCCS) && !defined(lint) -__RCSID("$NetBSD: sockaddr_snprintf.c,v 1.10 2016/04/05 12:28:57 christos Exp $"); +__RCSID("$NetBSD: sockaddr_snprintf.c,v 1.11 2016/06/01 22:57:51 christos Exp $"); #endif /* LIBC_SCCS and not lint */ #include @@ -219,7 +219,7 @@ sockaddr_snprintf(char * const sbuf, con case AF_LINK: sdl = ((const struct sockaddr_dl *)(const void *)sa); (void)strlcpy(addr = abuf, link_ntoa(sdl), sizeof(abuf)); - if ((w = strchr(addr, ':')) != 0) { + if ((w = strchr(addr, ':')) != NULL) { *w++ = '\0'; addr = w; }